Your message dated Sun, 16 Oct 2016 17:03:35 +0000
with message-id <e1bvoqv-0001o7...@franck.debian.org>
and subject line Bug#840935: fixed in libarchive 3.2.1-5
has caused the Debian Bug report #840935,
regarding libarchive: CVE-2016-8688: Out of bounds read in mtree parser
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
840935: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840935
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libarchive
Version: 3.1.2-11
Severity: grave
Tags: security upstream patch fixed-upstream

Hi,

the following vulnerability was published for libarchive.

CVE-2016-8688[0]:
Out of bounds read in mtree parser

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-8688
[1] https://github.com/libarchive/libarchive/commit/eec077f52bfa2d3f7103b4b74d52572ba8a15aca

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libarchive
Source-Version: 3.2.1-5

We believe that the bug you reported is fixed in the latest version of
libarchive, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 840...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Henriksson <andr...@fatal.se> (supplier of updated libarchive package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 16 Oct 2016 15:41:59 +0200
Source: libarchive
Binary: libarchive-dev libarchive13 libarchive-tools bsdtar bsdcpio
Architecture: source
Version: 3.2.1-5
Distribution: unstable
Urgency: medium
Maintainer: Debian Libarchive Maintainers <ah-libarch...@debian.org>
Changed-By: Andreas Henriksson <andr...@fatal.se>
Description:
 bsdcpio    - transitional dummy package for moving bsdcpio to libarchive-tools
 bsdtar     - transitional dummy package for moving bsdtar to libarchive-tools
 libarchive-dev - Multi-format archive and compression library (development files)
 libarchive-tools - FreeBSD implementations of 'tar' and 'cpio' and other archive too
 libarchive13 - Multi-format archive and compression library (shared library)
Closes: 840934 840935 840936
Changes:
 libarchive (3.2.1-5) unstable; urgency=medium
 .
   * Cherry-pick upstream commits 7f17c791, eec077f5, e37b620f
     - Fixes for upstream issues 747, 761, 767 also known as
       CVE-2016-8689, CVE-2016-8688, CVE-2016-8687
     (Closes: #840934, #840935, #840936)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
